The vulnerability of the Google Chrome browser’s window manager allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Google Chrome browser’s window manager is caused by a numerical overflow condition. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise the confidentiality, integrity, and accessibility of the protected information...

SUSE CVE-2009-3986

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property...

SUSE CVE-2011-3087

Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors...

SUSE CVE-2016-1710

The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

SUSE CVE-2016-9070

A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox 50...

DEBIAN-CVE-2022-0460

Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2022-0460

Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2020-6436

Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2016-9070

A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox 50...

CVE-2016-9070

A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox 50...

Firefox Proxy Prototype Privileged Javascript Injection Exploit

Exploit for multiple platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/exploitation/jsobfu' class Metasploit3 'Firefox Proxy Prototype Privileged...

Firefox Proxy Prototype Privileged Javascript Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/exploitation/jsobfu' class Metasploit3 'Firefox Proxy Prototype Privileged Javascript Injection', 'Description' = %q This exploit gains...

Firefox Proxy Prototype Privileged Javascript Injection

This exploit gains remote code execution on Firefox 31-34 by abusing a bug in the XPConnect component and gaining a reference to the privileged chrome:// window. This exploit requires the user to click anywhere on the page to trigger the vulnerability. This module requires Metasploit:...

openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)

The Mozilla Firefox was updated to version 3.0.16, fixing lots of bugs and various security issues. The following issues were fixed : - MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with evidence of memory corruption 1.9.0.16 - MFSA 2009-68/CVE-2009-3983 bmo487872 NTLM reflection vulnerability...

CVE-2009-3986

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property...

Mozilla Foundation Security Advisory 2009-70

Mozilla Foundation Security Advisory 2009-70 Title: Privilege escalation via chrome window.opener Impact: Moderate Announced: December 15, 2009 Reporter: David James Products: Firefox, SeaMonkey Fixed in: Firefox 3.5.6 Firefox 3.0.16 SeaMonkey 2.0.1 Description Security researcher David James...

SeaMonkey < 2.0.1 Multiple Vulnerabilities

Binary data 5265.prm...

Debian Security Advisory DSA 838-1 (mozilla-firefox)

The remote host is missing an update to mozilla-firefox announced via advisory DSA 838-1. Multiple security vulnerabilities have been identified in the mozilla-firefox web browser. These vulnerabilities could allow an attacker to execute code on the victim's machine via specially crafted network...

[Full-disclosure] Fizzle : Firefox Extension Vulnerability

Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus becomes and so forth. Various feeds fields are vulnerable including the title which allows th...

Debian DSA-838-1 : mozilla-firefox - multiple vulnerabilities

Multiple security vulnerabilities have been identified in the mozilla-firefox web browser. These vulnerabilities could allow an attacker to execute code on the victim's machine via specially crafted network resources. - CAN-2005-2701 Heap overrun in XBM image processing - CAN-2005-2702 Denial of...